6 Bad IT Security Habits You Need to Kick in 2019

As I write this, it’s early March, and the wind is howling outside my window. We’ve just had several days of subzero weather. Caught in the grip of another Polar Vortex, New Year’s Resolutions to live healthy are a distant memory for many of us.

But while the cold weather may thwart our efforts to be healthier, that doesn’t mean you can’t improve the health of your IT organization before spring. Here are 6 bad habits that can compromise your IT security.

#1 Not admitting you need help. Too many IT leaders refuse to admit that they don’t know what they don’t know. This can be a relatively harmless habit, but not when it comes to IT security. Let’s say you’re migrating a workload to the cloud. If you don’t have an expert guiding your migration, you could be leaving workloads vulnerable.

#2 Not keeping an eye on things. Do you have someone actively monitoring your systems for signs of a cyber-intruder? In the 2018 Cost of a Data Breach Survey by the Ponemon Institute, the average time to identification was 197 days. A lot of damage can be done in six and a half months!

Attack vector – The method used by cyberattackers to get access to the victim’s systems.

#3 Ignoring the humans. In 2018, cybersecurity giant Symantec reported that phishing was by far the most used attack vector (71%), followed by watering hole websites (24%). You can implement the most sophisticated cybersecurity tools available, but if you don’t educate your employees about the dangers of clicking on unknown links, you’re leaving the door wide open.

Phishing – Tricking someone into clicking on a malicious link. Traditionally, phishing is done through email, but increasingly we’re seeing it in social media platforms and text messages.

Watering hole attack – The victim’s systems are infected when they visit a website that is designed to look legitimate but is, in reality, meant to ensnare a targeted group of users.

#4 Not revoking credentials. Regulations such as PCI 8.1.3 require you to immediately revoke system log-in credentials when an employee leaves the business for any reason. Yet, the internet is filled with anecdotes from people who say they could access their former employer’s (or client’s) systems months after they’ve left.

#5 Silo thinking. We all know that silo thinking is a problem for the organization as a whole. Yet, it is still rampant in many large IT organizations. One of the best examples is IT security and disaster recovery. The larger the organization, the more likely these two vital areas will be led by different people. However, in the most recent Cost of Data Center Outages Report available from the Ponemon Institute, cyber attacks were the second leading cause of unplanned outages (22%). IT security and disaster recovery teams need to collaborate to protect the organization.

#6 Putting up with jerks. It’s more than a cliché. IT Security roles often attract people who struggle with human interaction. They can come across as anything from rude to arrogant, and without necessarily meaning to, they can make your non-experts feel stupid. IT security requires open communication and collaboration across many departments. You need to make it clear you won’t put up with poor behavior whether it’s coming from an internal employee or an outside vendor.

You could be less than twenty-one days from a healthier, stronger IT environment

Experts say it takes about twenty-one days for a new and better behavior to become a habit. You can overcome all of these bad IT habits within that timeframe – sometimes even less. Need help? Give us a call. We’d love to discuss your IT security strategy and help you create a personalized plan for improving your IT security health.